comp.lang.ada
From: dewar@merv.cs.nyu.edu (Robert Dewar)
Subject: Re: Safety-critical development in Ada and Eiffel
Date: 1997/08/24
Message-ID: <dewar.872433756@merv>


Nick writes

<<> OK, so if you can't write such requirements in a rigorous way, how can
> you write the application. If you can write an application that meets
> the requirements, you can write a coded spec for the problem. In the
> extreme case, the code for the application is the specification.>>


Many people have made statements like this, but in my experience, this is
quite false. It is often the case that it is impossible to write down
requirements in a rigorous way, either because you don't know what they
are, or they are stated at a level of abstraction ("use a pleasing color
scheme, easy on the eyes, for the GUI") that is not susceptible to
formalization.

Sure, the code for the application is *a* specification of *something*, but
most likely it is *not* *the* desired specification.

This is often frustrating to those who want a nice clean theoretical
model that guarantees reliable code, but we need methods that can indeed
handle the more general case where we do not always have rigorous
specifications.

Note that the problem of not being able to create such specifications
is not restricted to hardware. Consider the two requirements that
were placed on the IBM Trackpoint before its release:

(a) On average, people must find it as easy to use out of the box as a
trackball, even if they have experience with a trackball.

(b) On average, people must find the trackpoint as easy to use as a mouse
given extensive practice with both.

These were taken very seriously, and the release of the product was
delayed until these requirements were met. But I don't see how you
could formalize these requirements into a form that would rigorously
tell you if your mechanical device met these requirements.

Once I heard Wirth state that one should simply refuse to attempt to
write a program in such circumstances. His point was that it was impossible
to guarantee correctness by the method he was proposing at the time 
(successive refinement, maintaining the invariant of correctness).
My response (that what we needed was reliability, not correctness, and
that correctness was only a tool to achieve reliability), drew applause
from the audience, which was frustrated by this narrow view.

Things are not as simple as one might hope :-)






